In the future, the auto service shop might closely resemble a computer repair counter. Shops may need a full-time information technology (IT) pro, not only to keep the shop’s computer systems up-to-date, but to also work on customer vehicles. While computerized systems have changed the way diagnostics are being handled — reducing workload, in many cases, from a full day to under an hour — those same computer systems need to be updated, patched and secured just like the software on the office PC. Moreover, there is already a growing concern that computerized systems on a vehicle could be as easily hacked or infected by malware (malicious software) as an office computer. Even more worrisome is the fact that fewer computer experts are on-hand to handle these sorts of updates. As today’s new cars age and come out of warranty, this could be an opportunity for the auto service industry, as someone is going to have to ensure the computer systems are, in fact, protected.
Software Hacks Computer viruses have existed practically as long as there have been connected computers, and these viruses became an issue for businesses and consumers alike in the 1990s and early 2000s. While malware or malicious software — a blanket term for viruses, Trojan horses, rootkits, backdoors and other software exploits — has remained an issue for computer users, the anti-virus/anti-malware industry has managed to combat and address this ongoing threat. At the same time, software designers have done a better job of pulling so-called holes or exploits in the code on desktops. In addition, developers of mobile phones and tablets have sought to create a better strategy of ensuring software compatibility and security through an approval process. This is also where software is largely obtained through app stores, and it has helped reduce the spread and proliferation of malware to mobile devices. The problem today is cars are more connected yet largely unprotected when compared to the mobile phone or personal computer. Earlier this year, Internet security firm FireEye warned that connected vehicles could be at risk to certain types of software. This could include the manipulation of vehicle operation, by using vehicular systems as “command and control (C2) infrastructure” for illicit purposes and ransomware. The hacking of actual vehicles to take control is not only theoretical but has actually been achieved in a controlled test. During the Black Hat USA 2016 security conference in Las Vegas, professional security consultants/white hat hackers Charlie Miller and Chris Valasek, presented a video where they were able to take control of a 2014 Jeep Cherokee by sending false messages to its internal networks. This allowed them to take control of the Jeep’s steering, accelerator and brakes. This hack came a year after the pair showed they could kill the engine in the same vehicle by hacking into its network, which prompted a recall of 1.4 million Jeeps and other vehicles so as to provide a software update. The C2 infrastructure hack could be used to target a connected vehicle, whereby that vehicle could spread malware to other nearby vehicles — much in the way a PC can be overtaken by malware and become a zombie machine to spread spam and viruses at the behest of the hackers. However, the greatest threat facing drivers could be ransomware, more recently dubbed jackware. It would be similar to attacks on PCs, whereby a computer or network is locked and essentially held for ransom. It has suggested that with a vehicle it might not be just a matter of being locked out of the device, but possibly even being locked in the car! While there haven’t been any targeted attacks against vehicles, ransomware has been used against government and commercial institutions. A side category of ransomare is scareware, where the user is essentially fooled into paying a fee for service. This particular threat could be one that has the potential of fooling the less tech-savvy drivers — possibly with warnings that a vehicle’s warranty needs to be renewed or that a driver violated a traffic law. Such threats, which could come in via the infotainment systems could seem very real to drivers, especially those who may be so worried over a fine or warranty concern they pay first and research later. All of these threats could be serious enough that the industry will have to do something to combat it, including the hardening of systems and security software, notably better confirmation of compatibility between systems and software and, finally, skilled personnel to remove all forms of malware, as well as to handle software updates. “Vehicles are mini-spaceships today, and that means they can be corrupted,” warned Ken Barker of Cottman Transmission and Total Auto Care in Waldorf, Maryland. “The same technology that makes us so great as a nation can be used as a destructive device.”
New Business Opportunity These threats, along with the fact that cars will only become more sophisticated with even greater connectivity, will likely mean technicians will have to understand how these systems operate during even routine service. One comparison today is big-box retailers, such as Best Buy, service not only computers but other connected systems in the home, as well. “When Best Buy sold PCs they had to have help desks to resolve problems, but now people are buying connected smart TVs, and Best Buy’s help desk resolves those problems, as well,” said John Pesatore, director of emerging security trends at SANS, a cooperative research and education firm. “We’re seeing that more and more devices — from TVs to appliances — now need a level of tech support, and the vehicle could be a future opportunity for the auto service industry.” In the case of the Jeep recall — as well as other software-related recalls — drivers could download the software themselves, but as these threats increase, it could require a trip to the dealer or, likely, a third-party shop. “In the future, offering this type of service will be essential; it could be the ‘high-tech’ technician or the software technician,” said Trish Serratore, president of the National Automotive Technicians Education Foundation and the Automotive Youth Educational Systems (NATEF/AYES). “It isn’t unrealistic to think that very soon an auto service business will have to have an IT guy to do these software updates,” explained Kyle Landry, research associate at Lux Research. “Some software, such as Tesla’s Auto-Pilot, was pushed through with a software update, but these aren’t the sort of updates everyone can do themselves.” As the systems become more complicated — with driving assist features, entertainment and communication technology — the software could require more frequent updates. Some of this may be simple push updates that are automatic and, thus, similar to those on a mobile phone, but if there is corruption of the software or, worse, malware, which could require a professional reinstallation of software to resolve the problems. “For service shops, this could be an opportunity to help customers with their software-related issues,” Pescatore said. “This is a growth area, and the auto industry service businesses could see this as a new revenue stream.” Some shops have already been exploring offering computer software services for vehicles. For Precision Auto Care, this has been business as usual for 20 years. “Since 1996 and even prior, we have been updating and doing fresh installs and also reinstalls on automotive computer modules,” said Joel Burrows, vice president for training and research and development at Precision Auto Care, Inc. “Software updates are common today to fix ongoing issues, and service facilities that are dedicated to training and keeping up-to-date with the latest technology and necessary equipment must be able to perform these programming functions to be competitive in the automotive aftermarket.”
New Hardware Can Mean New Software Another aspect of software updates is in many instances, when a part is replaced in the car, the computer software must be updated to accept the new part. For this reason, Precision Auto Care is already training its technicians to be automotive IT experts. “They must understand the data network and how each computer module communicates to problem solve,” Burrows added. “It is not just enough to understand how the network communication works, but more importantly, how all the operating systems on the vehicle work in conjunction with the computer network.” At present, the malware any tech really needs to deal with is the programming glitches that come from the factory. “These are usually fixed out in the field with a software update,” Burrow said. As this type of update becomes more common, the entire auto service industry may require technicians to undergo even more specific training to handle these tasks. “We already believe in continuous training,” Serratore said. “This is an ongoing issue where technicians need to upgrade their skills, and with the increase in software-based systems, we’re going to see individuals enter the industry with this new skill set. We’ll also see technicians who enjoy this type of work and can add these new skills to the tool box they already have.” However, Burrows was quick to note computers are a new addition to cars, which means techs still need to be automotive techs first and IT techs second. “Vehicles ran perfectly fine long before laptop computers and cell phones were even a gleam in someone’s eye watching an original Star Trek episode for the first time,” Burrows joked. “The basic non-computerized systems must be operating properly before you can start pointing the blame to the computer network.”
